On Wed, May 31, 2006 at 10:19:42PM +0200, Matthias Kilian wrote:
On Wed, May 31, 2006 at 03:15:34PM -0400, Peter Fraser wrote:
Expect I was not clear.
Someone is attacking address 1, address 2, address 3, those
addresses are all blocked with respect to ssh, but because he
is attacking
I was thinking of redirecting all the ssh attacks
to spamd. spamd is a program that is used to having
bad guys attacking it, so it should not affect the
security. Then using the max-src-conn-rate to
block them.
My actual problem is less with ssh than the
Microsoft vpn. I trust the people who
On 6/7/06, Peter Fraser [EMAIL PROTECTED] wrote:
My actual problem is less with ssh than the
Microsoft vpn. I trust the people who have
ssh connections to have good passwords,
It's the people with vpn connections that
I don't trust. And I of course would do
the same trick with the vpn port.
for
Sent: Wednesday, May 31, 2006 3:02 PM
To: Peter Fraser
Cc: misc@openbsd.org
Subject: Re: ssh attacks
On Wed, May 31, 2006 at 02:54:16PM -0400, Peter Fraser wrote:
block in on Outsize proto tcp port ssh flags S/SA
state (max-src-conn-rate 100/10, overload bad_hosts flush global
Matthias Kilian wrote:
On Wed, May 31, 2006 at 03:15:34PM -0400, Peter Fraser wrote:
Expect I was not clear.
Someone is attacking address 1, address 2, address 3, those
addresses are all blocked with respect to ssh, but because he
is attacking those addresses, I want to stop an expected attack
Tobias Ulmer wrote:
This topic comes up in regular intervals of 6 months on every *nix
mailing list I'm on.
It's stupid (sorry, but it is):
Gained security = 0%
Leave it just as it is. You don't have anything to fear if
you use decent passwords. Otherwise don't offer an ssh
On Wed, May 31, 2006 at 02:54:16PM -0400, Peter Fraser wrote:
block in on Outsize proto tcp port ssh flags S/SA
state (max-src-conn-rate 100/10, overload bad_hosts flush global)
This does not work. One gets a message that keeping state on
a blocked run makes no sense.
See the example on
want to use the information that someone
was trying to ssh to those addresses to identify the person as
an attacker.
-Original Message-
From: Matthias Kilian [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 31, 2006 3:02 PM
To: Peter Fraser
Cc: misc@openbsd.org
Subject: Re: ssh attacks
On Wed, May
On Wed, May 31, 2006 at 02:54:16PM -0400, Peter Fraser wrote:
Right now someone is trying out each IP address I have
with an ssh attack. Only one of those IP addresses is
enabled for ssh. I have a (max-src-conn-rate 100/10,
overload bad_guys flush global) on that address.
I would like to
On Wed, May 31, 2006 at 02:54:16PM -0400, Peter Fraser wrote:
Right now someone is trying out each IP address I have
with an ssh attack. Only one of those IP addresses is
enabled for ssh. I have a (max-src-conn-rate 100/10,
overload bad_guys flush global) on that address.
I would like to
to ssh to those addresses to identify the person as
an attacker.
-Original Message-
From: Matthias Kilian [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 31, 2006 3:02 PM
To: Peter Fraser
Cc: misc@openbsd.org
Subject: Re: ssh attacks
On Wed, May 31, 2006 at 02:54:16PM -0400, Peter
On Wed, May 31, 2006 at 03:15:34PM -0400, Peter Fraser wrote:
Expect I was not clear.
Someone is attacking address 1, address 2, address 3, those
addresses are all blocked with respect to ssh, but because he
is attacking those addresses, I want to stop an expected attack
on address 4. I
On Wed, 31 May 2006, Peter Fraser wrote:
Expect I was not clear.
Someone is attacking address 1, address 2, address 3, those
addresses are all blocked with respect to ssh, but because he
is attacking those addresses, I want to stop an expected attack
on address 4. I never want to pass ssh
This has been asked before, and I tried many of the suggestions given
especially with pf (max-src-conn). But the simplest way to stop this,
is to change your ssh port. You can do all that tweaking in pf but your
logs will still show that someone tried, just that your logs will be
smaller.
On Wed, May 31, 2006 at 02:54:16PM -0400, Peter Fraser wrote:
Right now someone is trying out each IP address I have
with an ssh attack. Only one of those IP addresses is
enabled for ssh. I have a (max-src-conn-rate 100/10,
overload bad_guys flush global) on that address.
I would like to